Persona based billing

ABSTRACT

A mobile device receives from a first client application a request to exchange first data over a mobile communication network. The mobile device determines whether the first client application is associated with a first persona or a second persona of a user. Upon determining the first client application is associated with the first persona, the mobile device establishes a first data connection based on a first Access Point Name (APN) network identifier with the mobile communication network and routes the first data over the first data connection. The mobile device also receives from a second client device a request to exchange second data over the mobile communication network. Upon determining the second client application is associated with the second persona, the mobile device establishes a second data connection based on a second APN network identifier with the mobile communication network and routes the second data over the second data connection.

BACKGROUND

Employees are demanding more and more that their companies' ITdepartment support the devices they want to use. This is known as BringYour Own Device (“BYOD”) trend. Employees also prefer to carry onedevice that can be used for both business and personal purposes. Theenterprises are looking for ways to increase employee productivity andreduce mobility costs. To strike a balance, enterprises may allow fordevice flexibility while at the same time investing in the platforms toaddress the security and management challenges presented by employeesbringing their mobile devices into work.

There are several applications today such as, for example, Good forEnterprise (“Good”) that provide a way to keep business data andapplications on a user device separate from personal data andapplications in support of the BYOD trend. The solution such as Goodworks by creating an encrypted block of memory on the user device (i.e.sandbox, container, etc.) where business data and applications canreside and managed separately from personal data and applications (i.e.everything else on the device). The vendors in this space have alsotypically provided a management tool for enterprises to create andenforce policies over the mobile device sandbox/container. For example,Good provides a tool called Good Mobile Manager that performs thispolicy management function over their proprietary mobile device sandboxtechnology.

Sandboxing/containerization technology has been around for severalyears. However, such technology does not address how to apply differentrouting and billing models for different types of data transmitted overthe air between the mobile device and the wireless service provider.Mobile data generated by a subscriber has generally been considered tobe in one class and billed against the account that is liable for theline of service regardless of whether the mobile data is work-related orpersonal related. Although the concept of providing a separate bill tothe enterprise for business data usage consumed from a user's device hasbeen discussed with customers and the analyst community, a need stillexists to implement such concept and separate data consumption based onpersona type (e.g., personal persona and business personal). This allowsa wireless service provider to provide two types of data services for asingle subscriber.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawing figures depict one or more implementations in accord withthe present teachings, by way of example only, not by way of limitation.In the figures, like reference numerals refer to the same or similarelements.

FIG. 1 is a functional block diagram describing a network allowing auser equipment (UE) to establish multiple APN data connections with thenetwork to separate business data usage from personal data usage;

FIG. 2 illustrates an exemplary process for establishing a persona-baseddata billing account and registering employees to the persona-based databilling account;

FIG. 3A illustrates an exemplary user interface that may be displayed toa user under the setup tab of a persona-based data billing application;

FIG. 3B illustrates an exemplary user interface for managing linesassociated with a specific enterprise persona-based data billingaccount;

FIG. 3C illustrates an exemplary user interface for managing plansassociated with a specific enterprise persona-based data billingaccount;

FIG. 4 illustrates an exemplary process for accessing the a businessdata application on the UE shown in FIG. 1;

FIGS. 5A-5B illustrate an exemplary process for establishing a dataconnection between the UE and the network shown in FIG. 1;

FIG. 6 illustrates an exemplary process for controlling the businessdata application and its business content via the policy managementserver and the business data server shown in FIG. 1;

FIG. 7 illustrates an exemplary process for establishing a connectionbetween the UE and the policy management server shown in FIG. 1;

FIG. 8 illustrates an exemplary process for establishing a connectionbetween the UE and the business data server shown in FIG. 1;

FIG. 9 illustrates an exemplary process for installing enterpriseassociated policies for the business data application shown in FIG. 1;

FIG. 10 is a simplified functional block diagram of a computer that maybe configured to function as any of the devices of FIG. 1; and

FIG. 11 is a simplified functional block diagram of a personal computeror other work station or terminal device that may be configured tofunction as any of the devices of FIG. 1.

DETAILED DESCRIPTION

In the following detailed description, numerous specific details are setforth by way of examples in order to provide a thorough understanding ofthe relevant teachings. However, it should be apparent to those skilledin the art that the present teachings may be practiced without suchdetails. In other instances, well known methods, procedures, components,and/or circuitry have been described at a relatively high-level, withoutdetail, in order to avoid unnecessarily obscuring aspects of the presentteachings.

The various examples disclosed herein relate to techniques andequipments for configuring a user device to store business content andapplications separate from the personal content and applications andprovide separated billing for business data usage and personal datausage. To accomplish this, the user device may leverage multiple AccessPoint Name (APN) connections to facilitate the transmission, routing andbilling of data traffic between the device and the wireless serviceprovider based on the persona that consumed the data. Each APNconnection may correspond to a different communication tunnel betweenthe device and a specific Public Data Network (PDN). Personal data maytraverse a personal PDN (e.g., Internet APN) tunnel and business datamay traverse a business PDN (e.g., 800 APN) tunnel. This way the networkcan distinguish data associated with the business from data notassociated with business and bill the customer accordingly. The businessdata usage, for example, may be billed to the enterprise's account andthe personal data usage may be billed to the user's personal account. Ina BYOD context, the wireless service provider could sell one dataservice to the employee for personal data consumption and another dataservice to the employee's company for business data consumption. Theemployee may be billed and pay for the personal data consumption and thecompany may be billed and pay for the business data consumption.

Reference now is made in detail to the examples illustrated in theaccompanying drawings and discussed below. FIG. 1 is a functional blockdiagram describing a network 100 allowing a piece of user equipment (UE)to establish multiple APN data connections with the network 100 toseparate business data usage from personal data usage. The network 100may have all of the features, hardware, and systems of other networks,however, in this example, only the relevant portions of the network aredescribed. The network 100 can have a Home Subscriber Server (HSS) 110.The HSS 110 evolved from a Home Location Register (HLR). In 3GPPnetworks, and particularly in the LTE architecture (for 3G and 4Gnetworks), the HSS 110 can be a database of user (subscriber)information, i.e., customer profiles. The user information may includeaccount information, account status, user preferences, featuressubscribed to by the user, user's current location, and allowable APNs.In roaming scenarios, the HSS 110 in the network 100 provides the userprofile to a Mobility Management Entity (MME) 112.

The MME 112 is a control-node for the LTE access-network, in that it canbe a single point (or “node”) within the network that integratesnumerous core functions and control over network flow, load sharing,etc. It can be responsible for tracking, paging, and retransmissionprocedures to the UE 102. The MME 112 can also be involved in the UE'sactivation/deactivation of service flows (also known as bearers) and isalso responsible for authenticating the UE 102 when it is roaming, byinteracting with the HSS 110. The UE 102 through the base station 114 orone of the eNodeBs 116 and the Serving Gateway (SGW) 118, and MME 112,registers and authenticates with the network 100. The network 100includes LTE servers such as, for example, Policy Control and ChargingRules Function (PCRF) 120, MME 112, personal PDN Gateway (PGW) 122,business PGW 123, and the SOW 118. The network 100 also includes PDNservers located in the PDN cloud 124. The PDN cloud 124 may includeInternet PDN and 800 PDN. The authentication procedure between the UE102 and the MME 112 can involve multiple messages per current 3GPPstandards (Authentication Request/Response, Security ModeCommand/Complete, etc).

The HSS 110 communicates with the MME 112 using an S6a protocol. Thecommunication between HSS 110 and the MME 112 may traverse zero, one, ormultiple diameter proxies. In the illustrated example, the communicationoccurs through no diameter proxies. The diameter proxy is a bordergateway for the diameter protocol. The diameter protocol is a nextgeneration Authentication, Authorization, and Accounting (AAA) protocolfor IP communication networks. The protocol facilitates the exchange ofAAA related information within the network. The S6a protocol enablestransfer of profile and authentication data forauthenticating/authorizing user access between the HSS 110 and the MME112. The MME 112 can be responsible for a number of tasks, as notedabove.

The PCRF 120 is configured to specify the QoS for the bearer based on aQoS Class Identifier (QCI) and ensures such specification is inaccordance with the user's subscription profile stored on the HSS 110.The subscriber profile may include information about the subscriber. Theinformation may include, for example, the MDN associated with the UE 102and the various services subscribed to by the subscriber. The subscriberprofile on the HSS 110 may also include information about which APNs theUE 102 is allowed to access. The APN may be a parameter used by the UE102 to inform the network 100, which PGW (e.g., personal PGW 122 orbusiness PGW 123) the UE 102 is requesting to use for communication withthe network 100. The APN may include the personal APN and business APN.The personal APN may correspond to the Internet APN, and the businessAPN may correspond to the 800 APN.

To illustrate one specific example, when the Internet browser isselected on the UE 102, the attach request from the UE 102 to thenetwork 100 may reference the Internet APN. The MME 112 may receive theattach request for the Internet APN and may send the request to thepersonal PGW 122. The personal PGW 122 may then create a personal tunnelfrom the UE 102 to the Internet. The personal tunnel may be from the UE102 to the Internet PDN. The personal PGW 122 may first check with HSS110 to confirm that the UE 102 is authorized to use the personal PGW 122to access the Internet. The UE 102 by virtue having subscription withthe mobile communication network provider may be registered to accessthe personal PGW 122. The traditional Internet usage, for example,accessing Facebook, Twitter or just Internet browsing using the Internetexplorer application on the UE 102 may go through the personal tunnel.The traffic associated with the personal tunnel may be charged to theuser's personal account on the VISION 111 and appear on the user'smonthly bill.

In support of persona-based data billing, the network 100 also includesbusiness PGW 123. The business PGW 123 is added to separate businesstraffic from all traffic associated with other PGWs (e.g., the personalPGW 122). The business PGW 123 may only be connected to the IP addressesof the businesses that subscribe to persona-based data billing. The UE102 may request connection to the business PGW 123 by sending the 800APN attach request to the MME 112. The UE 102 may only send the requestfor the 800 APN while the user is in active in the business persona. Thebusiness persona is active or selected when the user is operating withinthe space of the business data application 102 a on the UE 102. Thebusiness persona is not active or selected when the user is notoperating within the business data application 102 a on the UE 102. Whenthe user is not operating within the space of the business dataapplication 102 a on the UE 102, the user is said to be active in thepersonal persona. The MME 112 may receive the attach request for the 800APN and may send the request to the business PGW 123. The business PGW123 may then create a business tunnel from the UE 102 to the IPaddresses of the business that subscribes to the persona-based billing.The business PGW 123 may first check with HSS 110 to confirm that the UE102 is authorized to use the business PGW 123. The HSS 110 may includean indicator that the UE 102 is registered for the persona-based billingand may indicate the same to the business PGW 123. The UE 102 may beregistered for the persona-based billing by the user's employer.

In one specific example, the user of the UE 102 provides consent to theuser's employer to be registered for persona-based data billing service.In response, the employer adds persona-based billing feature to theMobile Directory Number (MDN) associated with the UE 102 and assignsbusiness applications to the user. The communication network providermay assign rating groups to the persona-based billing account. Therating group may be associated with a collection of IP addresses. Thecollection of business IP addresses may be associated with the businessapplications assigned to the user. These information may be registeredwith the network at VISION 111, for example. For example, the VISION 111may maintain the rating group to the persona-based billing accountrelationship. The business POW 123 may maintain the IP addresses to therating group relationship. The HSS 110 may also store informationregarding the employee being registered for the persona-based databilling and allowed to access the business PGW 123.

The enterprise may first register for policy management service atpolicy management server 140 to provide the UE 102 with a business dataapplication 102 a. The business data application 102 a may be configuredto facilitate the secure containerization of business data on the UE102, To this end, the business data application 102 a is configured toseparate the business content and applications on the UE 102 from thepersonal content and applications and to provide separate billing forbusiness traffic usage and the personal traffic usage. The policymanagement server 140 is also configured to create and enforce policiesover the business data application 102 a. To this end, upon creating anaccount with the policy management server 140, the enterprise may createa dual persona group under its policy management account, identifyingemployees for which the enterprise wishes to pay for their work-relateddata usage. The enterprise also creates a persona-based data billingaccount with the network 100. The persona-based data billing account maybe created in VISION 111 and may identify the collection of IP addresses(e.g., rating groups) used by the business data application 102 a forwhich the data usage should be charged to the enterprise. The VISION 111maintains the record of the authorized employees and rating groups andallows for business traffic associated with one of the rating groups tobe charged to the enterprise's account and other traffics to be chargedto the user's personal account.

The UE 102 is configured to establish two data connections with thenetwork 100—one with personal PDN through the personal PGW 122 and onewith business PDN through the business PGW 123. Moving forward, it isassumed that the personal PDN corresponds to the Internet PDN, and thebusiness PDN corresponds to the 800 PDN. However, it is understood thatthe personal and business PDNs can correspond to other types of PDNs aswell (e.g., IMS PDN, Admin PDN, App PDN). The business trafficoriginating from the business data application 102 a may be routed overthe business PGW 123 toward the 800 PDN and may be charged to theenterprise; whereas, the personal traffic origination from applicationsnot housed within the business data application 102 a may be routed overthe personal PGW 122 toward the Internet PDN and may be charged to theuser's personal account. This may allow the UE 102 to be used for bothbusiness and personal purposes. In one specific example, the user maytake the UE 102 to the user's work and use the device for at least someportion of the day for work. The personal data may traverse over thepersonal PGW 122 toward the Internet PDN and may be captured and chargedto the user's account on the mobile communication network. The work datamay traverse over the business PGW 123 toward the 800 PDN and may becaptured and charged to the employer's account on the mobilecommunication network.

When the UE 102 setups data connection with each PDN, such as theInternet PDN or the 800 PDN, a data session may be created. Each datasession may have one default bearer. Each bearer may be associated withone QCI. For example, when the UE 102 is connected to the Internet PDNand 800 PDN, two data sessions are set up. Each data session has onedefault bearer. Each default bearer is assigned with one QCI. Based onthe subscriber profile, the PCRF 120 may determine the QCI that defaultbearer may use and then pass this information to the personal PGW 122 orthe business PGW 123 during the data session setup depending on the APNused in the attachment request from the UE 102. For the Internet APN,the PCRF 120 may pass the QCI information to the personal PGW 122. Forthe 800 APN, the PCRF 120 may pass the QCI information to the businessPGW 123. The PGW (e.g., the personal PGW 122 or the business PGW 123depending on the APN) may then set up a data session and default bearerwith the proper QCI. The PGW is configured to assign IP addresses to theUE 102. The PGW is also responsible for QoS enforcement based on thespecified QoS by the PCRF 120. The SGW 118 is configured to receive theuser's IP packets. The SGW 112 is also configured to serve as a mobilityanchor for the bearers when the UE 102 moves from one eNodeB 116 toanother. In the illustrated example, the MME 112 also communicates withthe base station/antenna 114 to receive information and requestsinformation from the UE 102.

The UE 102 is shown to be a laptop but can take other forms. Forexample, the UE 102 can take the form of portable handsets, smart-phonesor personal digital assistants, although they may be implemented inother form factors. Program applications, including the business dataapplication 102 a for supporting multiple APN connections can beconfigured to execute on many different types of mobile devices. Forexample, a mobile station application can be written to execute on abinary runtime environment for mobile (BREW-based) mobile station, aWindows Mobile based mobile station, Android, I-Phone, Java Mobile, orRIM based mobile station such as a BlackBerry or the like. Some of thesetypes of devices can employ a multi-tasking operating system.

As noted above, the business data application 102 a may be a mobileapplication that is configured to keep separate business data andapplications on the UE 102 from the personal data and applications. Tothis end, the business data application 102 a may create an encryptedblock of memory on the UE 102 (e.g., a container) where business dataand applications reside and managed separately from personal data andapplication. In one implementation, the business data application 102 amay look like other mobile applications and may be selectable by theuser. Upon selection, the business data application 102 a may grant useraccess to the business-related applications housed within the businessdata application 102 a. The business-related applications may includework e-mail, work calendar, and other work-related applications. Thebusiness data application 102 a may be downloaded on the UE 102 throughthe network 100 and via instructions from the enterprise associated withthe user.

The enterprise may be provided with management tool to create andenforce policies over the business data application 102 a. Themanagement tool may include the policy management service offered by thepolicy management server 140. The enterprise may contact thecommunication network provider (e.g., Verizon) and sign a policymanagement agreement with the communication network provider to accessthe policy management server 140. Upon execution of the agreement, thecommunication network provider creates a policy management account forthe enterprise at the VISION 111. The account may include enterpriseaccount number associated with the policy management service, billinginformation, and employees' information. The enterprise may be able topay a monthly fixed fee for the policy management service regardless ofthe number of employees registered for the policy management service ormay be charged a monthly fixed fee based on the number of employeesregistered for the policy management service. In one example, theenterprise may be charged a fixed fee for the policy management servicebased on the type of applications registered for the policy managementservice.

The policy management server 140 provides the enterprise access to thePolicy management portal 142. The policy management portal 142 includeswork-related applications that the enterprise may wish to distribute tothe employees' devices based on the policy group and/or device typeassociated with the employees. Upon accessing the policy managementportal 142, the enterprise may create various groups and may assign itsemployees to one or more of the various groups. The various groups mayinclude groups based on line of business (e.g., sales, engineering). Theenterprise registers its employees to one or more of the various groupsby providing the employees credentials to the policy management portal142. The types of applications distributed to the employees may dependon the group with which the employees are registered. For example, theemployee registered with the sales group may receive one set ofapplications; whereas, the employee registered with the engineeringgroup may receive another set of applications. The policy managementportal 142 saves the employee's credentials for later authenticating theemployee and confirming whether or not the employee is registered forthe policy management service.

The enterprise wishing to support BYOD policy may create a group forBYOD employees. The enterprise may then register the employees to thisgroup and identify various policies for this group. The various policiesmay include for example, the employees installing the business dataapplication 102 a on their devices. The business data application 102 amay be downloaded from the policy management portal 142 to the UE 102.For example, upon registering the employee in the BYOD group, theenterprise IT administrator may send a notification to the employeerequesting the employee to access the policy management portal 142 forwork-related applications. The notification may be in the form of a linkin an e-mail for example. The notification may include login credentialinformation. The login credential information may be in a form ofusername and password. Alternatively, the notification may not includelogin credential information and may inform the employee to access thepolicy management portal 142 with the employee's credentials presentlyregistered with the enterprise IT department.

The employee may select the link in the notification to receivework-related application on the policy management portal 142. Responsiveto the selection of the link, the UE 102 (or the policy managementclient on the UE 102) may send a download request message to the policymanagement server 140 for downloading the work-related applications. Thepolicy management server 140 may request the employee to provide logincredential information. The employee in response provides his/her logincredentials. If the provided login credentials do not match the logincredential stored in the policy management server 140, the policymanagement server 140 may deny the employee access to the policymanagement portal 142. If the provided login credential match the logincredential stored in the policy management server 140, the policymanagement server 140 may distribute from the policy management portal142 the work-related applications associated with the employee to the UE102. The policy management portal 142 houses the work-relatedapplications.

In one implementation, the policy management server 140 identifies theenterprise associated with the employee and provides the employee withthe applications associated with that specific enterprise. The policymanagement server 140 may ask the employee to identify the enterpriseassociated with the employee. Alternatively or additionally, the policymanagement server 140 may obtain this information from the credentialsof the employee. In either case, the policy management server 140distributes to the employee the work-related applications stored in thepolicy management portal 142 and associated with the employee'senterprise. The policy management server 140 also determines the groupassociated with the employee and provides the employee with the specificapplications assigned to that group. In keeping with the previousexample, if the employee is associated with the BYOD group, the policymanagement server 140 provides the employee with the business dataapplication 102 a. In one example, the policy management server 140 mayautomatically push the business data application 102 a to the UE 102. Inanother example, the policy management server 140 allows the employeesto download the business data application 102 a to the device 102 of theemployee. In yet another example, if the policy management server 140does not host the business data application 102 a, the policy managementserver 140 may instruct a third party server (e.g., the business dataapplication server 150) to push the business data application to the UE102. To this end, the policy management server 140 may provide thebusiness data server 150 with information identifying the employeeand/or the UE 102 associated with the employee. For example, the policymanagement server 140 may provide the employee's e-mail address and/orthe MDN of the UE 102 to the business data server 150. The business dataserver 150 then pushes the business data application 102 a to the UE102.

The business data application 102 a may be configured with presetpolicies or may connect with the policy management server 140 and/or thebusiness data server 150 to download such policies. The latter scenariois described in more details with FIG. 9. The policies may includeinstructions for causing the business data application 102 a to connectto the business PGW 123 and establish a business data tunnel between theUE 102 and the 800 PDN. The business tunnel may only be used forexchanging business-related traffic between the UE 102 and the network100. The personal-related traffic may travel over the personal tunnelestablished between the UE 102 and the Internet PDN. The personal tunnelmay be established using the personal APN in the attachment request fromthe UE 102 to the MME 112. The business tunnel may be established usingthe business APN in the attachment request from the UE 102 to the MME112. Moving forward it is assumed that the personal APN corresponds tothe Internet APN, and the business APN corresponds to the 800 APN.However, it is understood that the personal and business APNs cancorrespond to other types of APNs as well (e.g., IMS APN, Admin APN, AppAPN). The type of APN (e.g., Internet APN or the 800 APN) used in theattachment request may be identified based on the active persona of theUE 102. The active persona of the UE 102 depends on whether the user isoperating within the environment of the business data application 102 a.If the user is operating within the environment of the business dataapplication 102 a, the business person is active and the attachmentrequest includes the 800 APN. If the user is operating outside theenvironment of the business data application 102 a, the personal personais active and the attachment request includes the Internet APN.

To illustrate one specific example, when a customer uses an Internetbrowser on the UE 102 to access X1Y2.com, the customer enters the URLwww.X1Y2.com in the address bar of a web browser application on the UE102. The web browser forwards the URL to the http handler. The httphandler sends a data connection request to the MME 112 referencing theInternet APN. The MME 112 identifies that the data connection request isfor the Internet APN and send the request to the personal PGW 122. Thepersonal PGW 122 receives the request and checks with the HSS 110 toconfirm that the UE 102 is eligible for such a connection. Thesubscriber profile on the HSS 110 or the AAA may include informationabout which APNs the UE 102 is allowed to use for attachment to thenetwork 100. For example, if the Internet APN does not exist in thesubscriber profile, the personal PGW 122 does not establish the personaltunnel between the UE 102 and the Internet PDN. If the Internet APNexists in the subscriber profile, the personal PGW 122 establishes thepersonal tunnel between the UE 102 and the Internet PDN. The UE 102 maythen retrieve the web page associated with X1Y2.com. The data usageassociated with visiting various links while using X1Y2.com may becharged to the customer.

Now, when the customer uses the business data application 102 a toaccess the network, the business data application 102 a sends a dataconnection request to the MME 112 referencing the 800 APN, The MME 112identifies that the data connection request is for the 800 APN and sendthe request to the business PGW 123. The business PGW 123 may check HSS110 to determine if the UE 102 is eligible for this connection. If the800 APN does not exist in the subscriber profile, the business PGW 123does not establish business tunnel between the UE 102 and the 800 PDN.If the 800 APN exists in the subscriber profile, the business PGW 123establishes the business tunnel between the UE 102 and the 800 PDN. Inone implementation, the business PGW 123 may check to determine whetherthe destination IP address is registered with the firewall at thebusiness PGW 123. If the destination IP address is not registered withthe firewall, the business PGW 123 may deny the connection request tothe destination IP address. If the destination IP address is registeredwith the firewall, the business PGW 123 may allow the connection requestto the destination IP address. The enterprise may register with thefirewall at the business PGW 123 the destination IP addresses for whichthe UE 102 is allowed to access using the business tunnel.

In this manner, the business traffic travels through the business tunneland the personal traffic travels through the personal tunnel from the UE102 to the PDN cloud 124. Since each tunnel is associated with adifferent PGW and associated with a different APN, the network candistinguish between the personal usage and the business usage and canbill the appropriate entity accordingly. Specifically, the usage overthe personal tunnel may be personal usage and the usage over thebusiness tunnel may be business usage. The records are created forpersonal PGW 122 and charged to the user's personal account. Similarly,the records are created for the business PGW 123 and charged to theenterprise persona-based billing account. The records for business PGW123 may be created by monitoring the usage to a destination IP address.The business PGW 123 may have the IP to Rating group relationship, sowhen the call record is created, the business PGW 123 takes the usagethat occurred to the destination IP address, turns that into usage to arating group on the call record, and forwards this information to thedata mediation server. The data mediation server sends this informationthe VISION 111. The VISION 111 is an IT system that stores the ratinggroup to persona-based data billing account relationship. When thebilling records are sent from the data mediation server to the VISION111, the VISION 111 looks at the rating group and bills the appropriateaccount associated with the rating group

The user of the UE 102 and the enterprise may each be charged based on apost-pay mechanism or a pre-paid mechanism. In the post-pay mechanism,the customer (e.g., the user of the UE 102 and/or the enterprise) isallowed to use the data network 100 first and pay for such usage later,for example, on a monthly basis. To this end, the network elements(e.g., the personal PGW 122 and the business PGW 123) create a usagedata records showing how much data was used and to which rating group itshould be charged to as the session ends and forward the records to CDF130. In keeping with the previous example, when the user visitsX1Y2.com, the personal PGW 122 generates records associated with thisactivity (e.g., 1 MB data usage associated with visiting X1 Y2.com) andforwards these records to the CDF 130 when the session ends. The recordsin the CDF 130 may be updated periodically, such as every half hour. TheCDF 130 formats this data usage records and sends it to the IT billingsystem of the mobile communication network provider (e.g., VISION 111)to generate a billing statement for the customer based on this datausage record. This billing statement is associated with the user'spersonal account since it was accumulated at the personal PGW 122.

For another example, when the user launches a data session using thebusiness data application 102 a, the request is sent to the business PGW123. The business PGW 123 generates records associated with thisactivity (e.g., 1 MB data usage associated with using the business dataapplication 102 a) and forwards these records to the CDF 130 when thesession ends. The records in the CDF 130 may be updated periodically,such as every half hour. The CDF 130 formats this data usage records andsends it to the IT billing system of the mobile communication networkprovider (e.g., VISION 111) to generate a billing statement for thecustomer based on this data usage record. This billing statement isassociated with the rating group based on the destination IP address andto the corresponding enterprise persona-based billing account since itwas accumulated at the business POW 123.

In the pre-paid mechanism, the customer may be charged in real-timeagainst a pre-paid deposit. For example, a pre-paid customer may have todeposit $100 on his/her account before being granted access to the datanetwork 100. Once the customer's $100 on the account is exhausted, thecustomer's access to the network 100 is denied until the customerrecharges its account. The pre-paid mechanism is supported by the OCS132, which is a real-time charging system. In keeping with the previousexample, when the user of the UE 102 launches a data session andrequests access to X1Y2.com, the request is sent to the personal PGW122. Before forwarding the customer's request to the X1Y2 server, thepersonal PGW 122 checks with the HSS 110 to determine how the customershould be charged for the data traffic. If the HSS 110 informs thepersonal PGW 122 that the customer is a post-pay customer, the personalPGW 122 allows access and bills the customer later. If the HSS 110informs the personal PGW 122 that the customer is a pre-paid customer,the personal PGW 132 checks with the OCS 132 to determine if thecustomer has sufficient funds for this data usage. If yes, the personalPGW 122 forwards the customer's request to the X1Y2 server. If the OCS132 informs the personal PGW 122 that the customer does not havesufficient funds, the personal PGW 122 stops the customer from accessingthe X1Y2 server.

The personal PGW 122 is configured to monitor the data usage. When thecustomer launches a new data session, the personal PGW 122 sends arequest to the OCS 132 to validate the customer. If the customer isvalid and has money/credit, the OCS 132 grants usage allowance. Forexample, the OCS 132 grants a specific Mega Bytes (MB) usage allowanceand returns this granted usage allowance to the personal PGW 122. Inresponse, the personal PGW 122 allows the customer to use the datanetwork and start monitoring the data usage. Once the granted usageallowance is used up, the personal PGW 122 sends another request to theOCS 132 to ask for an additional usage allowance. If the customer isout-of-credit, the OCS 132 denies the additional usage allowance. Thepersonal PGW 122 may maintain the data session, and stop the customerfrom access to the Internet by dropping the out-going data packets.

On the UE 102 side, the UE 102 may not know the customer isout-of-credit. Therefore, the applications on the UE 102 may stillattempt to send data packets since data session is still up. Based ontoday OS logic, when there is no incoming acknowledgement being receivedfor the out-going data packets, after a certain time period, the OSresets the radio channel (e.g., terminates existing data session andre-establishes a new one). The PGW 122 knows if the granted usageallowance or data quota assigned to this user by the OCS 132 is used up.Once granted usage allowance is used up, the PGW 122 reports the usedusage allowance and sends a request to the OCS 132 to ask for a newgranted usage allowance or data quota. The OCS 132 charges the usedusage allowance reported by the PGW 122 to the customer account, andthen determines if the customer has enough money/credit to grant thenext data quota.

For example, assume the customer has 1 GB on his/her account, thepersonal PGW 122 requests for quota from the OCS 132. The OCS 132returns with granted usage allowance of, for example, 100 MB. Thepersonal PGW 122 may then allow the customer access to the Internet. Thepersonal PGW 122 monitors if the 100 MB has been depleted. If yes, thepersonal PGW 122 reports the used usage allowance of 100 MB to the OCS132 and then sends a request for a new quota. The OCS 132 updates thecustomer account from 1 GB to 900 MB, and then assigns a new grantedusage allowance of 100 MB to the PGW 122. Although in theabove-described example, the personal PGW 122 was discussed asmonitoring data usage in the pre-paid mechanism, the business PGW 123may also monitor data usage in the pre-paid mechanism in essentially thesame manner which is not repeated here for the sake of simplicity andbrevity of description.

The elements within the network 100 can override persona associated withthe specific data traffic. For example, if the employee attempts toaccess the network 100 under the personal persona using the Internet APNand the network elements determine that the employee does not havesufficient fund to proceed and is a prepaid employee, the networkelements (e.g., the personal PGW 122) may instruct the UE 102 to changethe Internet APN type connection request to the 800 APN type connectionrequest to allow the employee access to the specific data. The networkelements may first generate a notification to the enterprise ITdepartment to confirm such modification is acceptable. The enterprise ITdepartment may review the connection request and may determine that theusage is really business usage and should have been triggered under thebusiness persona instead of the personal persona and therefore mayapprove the connection request. In this scenario, the network elementsmay charge the enterprise for the data connection instead of theemployee. In a slightly different implementation, the network elementsmay not change the nature of the connection from the Internet APNconnection to the 800 APN connection instead they may simply change theentity for which the bill should be generated (e.g., from the employeeto the enterprise). Similar to the previous scenario, once the networkelements determine that the employee does not have sufficient fund toproceed and is a prepaid employee, the network elements (e.g., PGW 122)may generate a notification to the enterprise IT department to informthe enterprise IT department of such usage and seek confirmation of theenterprise IT department to bill the enterprise for the data service. Inresponse, the enterprise IT department may review the connection requestand may determine that the usage is really business usage and shouldhave been triggered under the business persona instead of the personalpersona and therefore may approve the data usage to be charged to theenterprise persona-based data billing account. In this scenario, thenetwork elements may charge the enterprise for the data traffic insteadof the employee.

Moving forward, the UE 102 may be a 4G device that can communicate withthe personal PGW 122 and the business PGW 123 through the eNodeB 116 andSGW 118. The 4G device operating in non-LTE environment can stillutilize the 4G network through the BTS 114, the enhanced Radio NetworkController (eRNC) 126, and the hSGW 128. The BTS 114 receives the radiosignals from the UE 102 and passes the signals to the eRNC 126 which mayforward the signals to the hSGW 128. The functionality of the hSGW 128is similar to that of SGW 118 except the hSGW 128 also acts as aninterface between the 3G network and the 4G network.

To allow for separate billing, the enterprise may have to first to buydata services from the mobile communication network provider (e.g.,Verizon Wireless™). To this end, the enterprise would have one accountfor policy management service and one account for persona-based databilling for its employees with the mobile communication networkprovider. The enterprise may create such an account in VISION 111. Oncethe persona-based data billing account is created, the enterprise mayselect a data plan from among a plurality of data plans. Each of thedifferent data plans may allow the enterprise to enroll up to certainnumber of employees. For example, a 500 GB data plan may allow theenterprise to enroll up to 250 employee devices for receiving splitbilling associated with persona-based data billing. For another example,a 1000 GB data plan may allow the enterprise to enroll up to 1000employee devices for receiving split billing associated withpersona-based data billing. Once the persona-based data billing accountis created and the data plan is selected, this information may beprovided to the policy management server 140. The policy managementserver 140 updates the policy management portal 142 to associate thedata service account of the enterprise with the policy managementaccount of the enterprise.

FIG. 2 illustrates an exemplary process 200 for establishingpersona-based data billing account and registering employees to thepersona-based data billing account. The process 200 begins withpresenting a dual persona data plan to the enterprise interested inpaying for its employees' business data usage (Step 210). The dualpersona data plan may be presented to the enterprise at the point ofsale (POS) or at a web interface. The web interface may include thepolicy management portal 142.

The enterprise may interact with the sales representative to set up thepersona-based data billing account (also referred to as corporationon-boarding) (Step 212). The sales representative interacts with theenterprise and contract may be setup in the ECPD. The ECPD may beupdated with a dual persona enrolled indicator. The VISION 111 may alsobe updated to reflect the persona-based data billing account of theenterprise. The policy management server 140 updates the policymanagement portal 142 to include a persona-based data billingapplication for allowing the enterprise to register its employees to thepersona-based data billing account. Upon selecting the persona-baseddata billing application the enterprise may be directed to a pluralityof tabs within the persona-based data billing application. The pluralityof tabs includes a setup tab and a policy management tab. Under thesetup tab, the enterprise may access the enterprise's accountsassociated with the persona-based data billing. The enterprise may haveseveral accounts associated with persona-based data billing or may haveone account associated with persona-based data billing. The severalaccounts may be necessary if the enterprise wishes to assign differentdata plans for the different accounts. The different accounts may becreated to distinguish among the employees of the enterprise. Forexample, the enterprise's upper management employees may be assigned toone account with a greater data access than the account associated withthe employees working under the upper management. Alternatively, theenterprise's upper management employees may be assigned to one accountwith a lower data access than the account associated with the employeesworking under the upper management because fewer upper managementemployees exist as compared to employees working under the uppermanagement. This scheme can utilize different enterprise persona-baseddata billing accounts for different groups of employees. For example,the upper management may be associated with one group of enterprisepersona-based data billing account and the employees working under theupper management may be associated with another group of enterprisepersona-based data billing account. In this manner, business data usageby an employee in one group does not affect the amount of available datato the employees in the other group.

The persona-based data billing accounts may be displayed to theenterprise. The persona-based data billing accounts may be displayed ina grid view with the following information: account number, price plandescription, allowance, participating lines, and/or action column. Theparticipating lines may indicate the total count of wireless numbersenrolled within the account in real time for the persona-based databilling. The action column may include an option to manage plans and anoption to manage lines. The option to manage plans may allow theenterprise to update the price plan associated with the account. Theoption to manage lines may allow the enterprise to view the linescurrently enrolled in the persona-based data billing account and mayfurther allow the enterprise to add and/or delete lines from theaccount.

FIG. 3A illustrates an exemplary user interface 300A that may bedisplayed to the user under the setup tab of the persona-based databilling application. The user interface 300A includes account column 310a, price plan column 310 b, an allowance column 310 c, participatinglines column 310 d, and action column 310 e. The account column 310 adisplays various accounts of the enterprise enrolled for thepersona-based data billing. The price plan column 310 b displays thetier plan associated with each account. For example, the account 999-001is associated with $120.00 plan per month; whereas, the account 888-001is associated with $150.00 plan per month. The allowance column 310 cdisplays the allowed data usage for each plan per month. For example,$120.00 plan per month may be associated with the 100 MB of data usageper month; whereas, the $150.00 plan per month may be associated withthe 150 MB of data usage per month. The participating lines column 310 ddisplays the number of allowable participating lines per plan. The$120.00 plan per month may be associated with the maximum of 20participating lines; whereas, the $150.00 plan per month may beassociated with maximum of the 150 MB of data usage per month may beassociated with the maximum of 40 participating lines. The action column310 e displays a manage plan action link and a manage line action link.

Referring again to FIG. 2, the enterprise creates a rating group for thepersona-based data billing account (Step 214). The rating group is acollection of IP addresses used by the enterprise applications in thebusiness data application 102 a. In one example, the rating group may bemapped to a maximum of 8 IP addresses. The limitation of 8 IP addressesmay be due to a specific design implementation. Other implementationsare contemplated. For example, the rating group may be mapped to morethan or less than 8 IP addresses. The rating group, the persona-baseddata billing account, and the policy management account of theenterprise may be mapped in the HSS 110. The enterprise may provide oneor more IP addresses to the persona-based data billing application. Thepersona-based data billing application registers with the HSS 110 theone or more IP addresses as the IP addresses for which an 800 APNconnection is authorized. The IP addresses may correspond to work e-mailor other work-related applications.

The enterprise may register employees to the enterprise persona-baseddata billing account (Step 216). The enterprise may add wireless linesof the employees to the enterprise persona-based data billing account.In one example, the enterprise IT administrator manually enters thewireless lines associated with the employees in the persona-based databilling application. In another example, the persona-based data billingapplication automatically receives this information from the IT serversvia instructions from the enterprise IT administrator. The wirelessnumbers of the employees are received by the persona-based data billingapplication through one or more of the above-described procedures andmay be validated to ensure they are active as described in more detailswith respect to FIG. 3B.

FIG. 3B illustrates an exemplary user interface 300B for managing linesassociated with a specific enterprise persona-based data billingaccount. The user interface 300B appears when the user selects themanage lines link in the user interface 300A. The user interface 300Bincludes an account field 320 a, a search field 320 b, and a resultfield 320 c. The account field 320 a displays lines associated withaccount 999-001. The user can select a different account number from thedropdown menu option on the account field 320 a and the user interface300B may automatically refresh with lines associated with the newlyselected account. The search field 320 b may allow the user to conduct asearch based on a username or a wireless number. When the search iscomplete, the result associated with the search criteria may bedisplayed in the result field 320 c. If no specific search criteria arespecified in the search field 320 b, the result field 320 c may displayall lines currently registered within the selected account. The displaymay include the wireless numbers, user names, user e-mails, companyuser, enrollment date and check box column. The company user (e.g.,enterprise IT administrator) may be the user who registered the employeeand the employee's wireless number with the account. The check boxcolumn may allow the enterprise IT administrator to select/deselect allwireless numbers, as well as individual wireless numbers, in the searchfield 320 c. When a selection occurs, the enterprise IT administratormay have the option to move a line to a different account for billing byselecting a move icon or may have the option to delete the number fromthe account by selecting the delete icon. If no existing lines areavailable under the account, the result field 320 c may display amessage indicating the same to the enterprise IT administrator. Theenterprise IT administrator may also have the option to add a line tothe account by selecting an add icon.

Selecting the add icon may result in a display of available lines to beadded to the account. The lines may be identified as described above andmay be validated to confirm the lines are active and within the mobilecommunication network provider billing system. The lines may also bechecked to ensure that they are associated with a specific type device(e.g., a 4G device) in the implementation in which the persona-baseddata billing is supported for specific type devices. If the line is notactive (e.g., suspended), is not associated with the mobilecommunication network provider, or is not associated with a specifictype of device, the line may not be displayed among the available lines.The enterprise IT administrator may select from the available list andmay also select an e-mail to be sent to the e-mail address of theemployees enrolled for the persona-based data billing. When theenterprise IT administrator selects the submit icon, the lines selectedmay receive a free text message informing the employees that they havebeen registered for persona-based data billing and may not be chargedfor business usage associated with the business data application 102 a.The message may also result in communication of policies to the businessdata application 102 a to configure the business data application 102 aor the UE 102 to connect to the 800 PGW 123 using the 800 APN in theattachment request. For example, the message may include a feature codewhich may turn on the 800 APN access on the UE 102. Therefore, each timethe user is operating within the environment of the business dataapplication 102 a, data communication may travel over the 800 APNconnection instead of the Internet APN connection.

FIG. 3C illustrates an exemplary user interface 300C for managing plansassociated with a specific enterprise persona-based data billingaccount. The user interface 300C appears when the user selects themanage plan link in the user interface 300A. The user interface 300C maydisplay the selected account (e.g., 999-001) and the current plan forthe selected account. The display interface may also display otheravailable plans to the enterprise IT administrator to allow the companyuser to change from the current plan to another plan if desired.

After the employees are enrolled with the persona-based data billing,the employees' usage flow may be monitored and billed to either theemployee or the enterprise depending on the type of the usage (Step218). The business generated traffic may be billed to the enterprise andthe personal generated traffic may be billed to the employee. Toillustrate one specific example, the employee can use the business dataapplication 102 a to access work e-mail. The IP address associated withthe e-mail server may be previously registered with the business PGW 123since the e-mail server is a work-related server. Since the businessdata application 102 a is being used, a request to access the worke-mail may go through the business PGW 123 based on the 800 APN used inthe attachment request to the network 100. The business PGW 123generates records associated with this activity (e.g., 1 MB data usageassociated with accessing the work e-mail) and forwards these records tothe CDF 130 when the session ends. The records in the CDF 130 may beupdated periodically, such as every half hour. The CDF 130 formats thisdata usage records and sends it to the IT billing system of the mobilecommunication network provider (e.g., VISION 111) to generate a billingstatement for the customer based on this data usage record. This billingstatement is associated with the rating group based on the destinationIP address and to the corresponding enterprise persona-based billingaccount since it was accumulated at the business PGW 123.

FIG. 4 illustrates an exemplary process 400 for accessing the businessdata application 102 a. The user interface 400A shows a plurality ofapplications. The plurality of applications include, among others,business data application 102 a, WiFi application, Gmail application,Pandora application etc. The user may select the business dataapplication 102 a to access the user's work-related applications. Uponselecting the business data application 102 a, the user interface 400Bis presented to the user seeking authentication information. Theauthentication information may be in the form of username and passwordor just a password as shown in this case. The authentication informationmay be previously provided to the user by the enterprise (e.g., the ITdepartment of the enterprise). The enterprise may provide thisinformation to the user, for example, when the enterprise informs theuser of being enrolled in the persona-based data billing. Alternatively,the authentication information may be created by the user and maycorrespond to the work-related authentication information. Upon enteringvalid authentication information, the user interface 400C is presentedto the user. The user interface 400C displays a plurality ofwork-related applications. The work-related applications may reside onthe UE 102 or may be hosted on the policy management portal 142. Thework-related applications include, among others, mail application,contacts application, calendar application, messaging application, etc.

The business data application 102 a sets up a secure container on the UE102 for housing the business persona. The data usage incurred by theuser while in the business persona may be billed to the users' employer.To accomplish this, the business data application 102 a is configured toutilize business tunnel established using the 800 APN. Any data requestsmade by the device while in the business persona may only be sent overbusiness tunnel. The enterprise may have full control over the businesspersona. This may include full control over the applications that areinstalled in the business persona, as well as the ability to setpassword standards, lock the device or the business data application 102a, wipe the business data application 102 from the device as well asother management functions. The enterprise may have the ability tocontrol the business persona via the policy management service offeredby the policy management server 140. In the implementation in which thebusiness data application 102 a is hosted by a third party (e.g., thebusiness data server 150), the policy management server 140 may beconnected with the third party server (e.g., business data server 150)to control the business data application 102 a.

FIGS. 5A-5B illustrate an exemplary process 500 for establishing a dataconnection between the UE 102 and the network 100. The elementsperforming the various steps of the process 500 include UE 102, eNB 116,MME 112, SGW 118, PGW 122/PGW 123, PCRF 120, HSS 110, and OCS 130. Theseelements are similar to those shown in FIG. 1. Therefore, for the sakeof brevity of description and simplicity, they are not described here inmore detail. The process 500 also involves AAA 502 and CCF 504. The AAA502 authenticates the PDN connection requests received from the UE 102.For example, the AAA 502 determines whether the UE 102 is authorized torequest a specific APN connection. The CCF 504 acts as a counter andkeeps track of the data usage associated with different data connectionsbetween the UE 102 and the network 100.

The process 500 begins with the UE 102 initiating an attachment requestto the MME 112 via the eNB 116 (Step 510). The attachment request mayspecify the type of the APN based on the active persona on the UE 102.The APN may correspond to the Internet APN or the 800 APN. In keepingwith the previous example, it is assumed that the APN corresponds to the800 APN. The attachment request is sent to the MME 112. The MME 112recognizes that the request is for the 800 APN and forwards the requestto the appropriate network entities for establishing a business tunnelbetween the UE 102 and the 800 PDN. If the business tunnel alreadyexists, the UE 102 does not create a new connection and instead createsa new data session with a new session ID over the existing businesstunnel.

The MME 112 receives the connection request and in response sends aCreate Session Request message to the SGW 118 (Step 512). The SGW 118forwards the Create Session Request message to the business PGW 123(Step 514). The MME's 112 selection of the SGW 118 and the business PGW123 depends on configuration parameters specified in the attachmentrequest. For example, the MME 112 may select the SGW 118 and thebusiness PGW 123 based on the APN specified in the attachment request.Specifically, the MME 112 identifies the business PGW 123 that providesthe 800 APN connectivity and that is closest to the subscriber location.Based on the identified business PGW 123, the MME 112 selects the SGW118.

The business PGW 123 receives the Create Session Request message andperforms authentication before creating a session and providing the UE102 with a session response. To this end, the business PGW 123 sends anauthentication request to the AAA server 502 (Step 516). Theauthentication request may seek to authenticate the user's request toestablish the business tunnel. The AAA server 502 may authenticate theuser's access request based on its internal record and/or based oninteracting with the HSS 110 (Step 518). In either case, the AAA server502 sends the authentication result to the business PGW 123 (Step 520).Assuming the user is authorized to establish the business tunnel, thebusiness PGW 123 then determines the traffic profile for the user bysending IP-CAN Session Establishment Procedure message to the PCRF 120(Step 522). If the PCRF 120 does not have the user's traffic profile,the PCRF downloads user's traffic profile from the HSS 110 (Step 524).If there is no subscription to a profile update notification for theuser, the PCRF 120 may subscribe to the profile update notification. ThePCRF 120 forwards the user's traffic profile to the business PGW 123(Step 528).

The business PGW 123 determines whether the destination IP address isamong the IP addresses registered with its firewall. If so, the businessPGW 123 may check with the OCS 130 to determine whether the enterprisehas sufficient funds available for establishing the PDN data connection(Step 530). The OCS 130 provides the business PGW 123 with a responseregarding the sufficiency of the enterprise's fund for establishing thePDN data connection (Step 532). If the enterprise does not havesufficient funds and the enterprise is a pre-paid customer, the businessPGW 123 may deny the session request and inform the user of the same. Ifthe enterprise has sufficient funds or the enterprise is a post-paycustomer, the business PGW 123 sends a Create Session Response messageto the SGW 118 (Step 536). The business PGW 123 also sends an AARmessage to the AAA server 502 informing the AAA server 502 of the IPaddress that is being assigned to the UE 102 (Step 534). The AAA server502 responds with AAA message (552) confirming receipt and providingsession ID and result code. After the PDN session establishment iscomplete, the business PGW 123 sends an ACR-Start message to the CCF 504(Step 554). The CCF 504 responds with an ACA message to the PGW 122(Step 556). The start message may indicate to the CCF 504 to start thetimer associated with this data session. The business PGW 123 also sendsa downlink data to the SGW 118 (Step 558) informing the SGW 118 that thenetwork 100 is ready to accept and download data to the UE 102.

The SGW 118 forwards the Create Session Response message to the MME 112(Step 538), which may forward E-RAB Setup Request message to the eNB 116(Step 540). In response, the eNB 116 sends an RPC ConnectionReconfiguration message to the UE 102 (Step 542). The RPC ConnectionReconfiguration message assigns the IP address to the UE 102 andprovides the UE 102 with the radio bearer identity of the eNB 116 forcommunication with the network 100. The UE 102 informs the eNB 116 thatit has completed configuration by sending an RPC ConnectionReconfiguration Complete message to the eNB 116 (Step 544). In response,the eNB 116 forwards an E-RAB Setup Response message to the MME 112(Step 546). The E-RAB Setup Response message indicates to the MME 112that the UE 102 is in connected mode and can communicate with thenetwork 100. Thereafter, the UE 102 sends to the eNB 116 a ULInformation Transfer message (Step 548). The UL Information Transfermessage informs the network 100 that the UE 102 is ready to upload datato the network 100. In response, the eNB 116 forwards UL NAS Transportmessage to the MME 112 (Step 550).

The MME 112 sends a Modify Bearer Request message to the SGW 118 (Step562). The Modify Bearer Request message informs the SGW 118 of the nameof eNB 116 serving the UE 102. The SGW 118 notes the eNB's 116 name andresponds back to the MME 112 with a Modify Bearer Response (Step 564).From this point forward, the data communication may happen directlybetween the UE 102 and the business PGW 123 without having to go to theMME 112.

FIG. 6 illustrates an exemplary process 600 for controlling the businessdata application and its business content via the policy managementserver 140 and the business data server 150. The enterprise may havefull control over the applications that are installed in the businesspersona, as well as the ability to set password standards, lock thedevice or the business data application 102 a, wipe the business dataapplication 102 from the device as well as other management functions.The enterprise may have the ability to control the business persona viathe policy management service offered by the policy management server140. To accomplish this, the enterprise may utilize the process 600.

The process 600 begins with the enterprise sending a command via thepolicy management server 140 to the business data server 150 (Step 610).The command may include a wipe command or a lock command and may beinvoked by the enterprise IT administrator. In response, the businessdata server pushes the command to the business data HTTPs server 602(Step 612), which in turn forwards the command to the UE 102 (Step 614).The business data HTTPs server 602 forwards the command over the 800 APNto the UE 102. In response, the UE 102 establishes session using the 800APN with the 800 PDN 606 (Step 616). The session request includes therequest for IP address of the business data server 150. The 800 PDN 606forwards the session request to the DNS server 604 (Step 618). The DNSserver 604 returns the IP address of the business data web server 150 tothe UE 102 (Step 620). In response, the UE 102 executes the command andsends the result back to the business data server 150 (Step 622). Thecommand may be instruction for the UE to contact the enterprise downloadserver to, for example, add an application to the business persona. Inresponse, the UE 102 establishes a connection with the enterprisedownload server and downloads the application to be added to thebusiness persona. To accomplish this, the UE 102 may establish a newdata session with the 800 APN and may request the IP address of theenterprise download server from the DNS server 604. The DNS server 604provides the IP address of the enterprise download server to the UE 102.In response, the UE 102 connects with the enterprise download server anddownloads the application. The UE sends the successful result of theexecution to the business data server 150 (Step 622) and the businessdata server 150 returns successful result to the policy managementserver 140 (Step 624).

FIG. 7 illustrates an exemplary process 700 for establishing aconnection between the UE 102 and the policy management server 140. Theprocess 700 begins with the policy management client on the UE 102establishing session with 800 PDN 704 (Step 710). The session requestmay include the URL or the IP address for the policy management server140. If the session request includes the URL for the policy managementserver 140, the 800 PDN 704 forwards the session request to the DNSserver 702 (Step 712). The DNS server 702 returns the IP addressassociated with the policy management server 140 (Step 714). Inresponse, the policy management client on the UE 102 completes check-inwith the policy management server 140 and sends the standard information(Step 716). The policy management server 140 responds with check-inacknowledgment to the policy management client on the UE 102 (Step 718).The policy management client on the UE 102 may check-in with the policymanagement server 140 once per day for reporting purposes such as deviceMDN, MEID, device model, OS, and application installed in the businesspersona. The timeout for the connection may be several minutes (e.g., 5minutes). However, if the policy management client on the UE 102 failsto connect within the next 24 hour interval, the policy managementclient may attempt to connect every 30 minutes until it succeed.

FIG. 8 illustrates an exemplary process 800 for establishing aconnection between the UE 102 and the business data server 150. Theprocess 800 begins with the business data application 102 establishingsession with 800 PDN 804 (Step 810). The session request may include theURL or the IP address for the business data HTTPs server 806. If thesession request includes the URL for the business data server 150, the800 PDN 804 forwards the session request to the DNS server 802 (Step812). The DNS server 802 returns the IP address associated with thebusiness data HTTPs server 806 (Step 814). In response, the businessdata application 102 a completes check-in with the business data HTTPsserver 806 (Step 816). The business data HTTPs server 806 responds withcheck-in acknowledgment to the business data application 102 a (Step818). The business data application 102 a may connect to the businessdata HTTPs server 806 for communicating keep-alive messaging everyseveral minutes (e.g., 10 minutes). This interval may be OS dependent,but may be less than 30 minutes timeout associated with the 800 APN.

FIG. 9 illustrates an exemplary process 900 for installing enterpriseassociated policies for the installed business data application 102 a.Upon installation, the business data application 102 a may utilize theInternet APN to connect to the business data directory server 906, whichresponds to the business data application 102 a with the server names tobe used for the web and https servers. The business data application 102a may then connect with the identified web and http servers to downloadthe enterprises associated policies for the business data application102 a.

To illustrate further, the process 900 begins with the business dataapplication 102 a establishing a session with the Internet PDN 902requesting the IP address for the business data directory server 906(Step 910). The Internet PDN 902 forwards the request to the DNS server904 (Step 912). The DNS server 904 returns the IP address associatedwith the business data directory server 906 (Step 914). The deviceclient then connects with the business data directory server 906 andsends the domain being activated (e.g., e.g., Verizonwireless.com) (Step916). In response, the business data directory server 906 provides thename of the web (application) server and the http (push) server to thebusiness data application 102 a (Step 918). The business dataapplication may then connect with the identified servers to download thebusiness data associated policies.

As shown by the above discussion, functions relating to providingmultiple APN connections support may be implemented on computersconnected for data communication via the components of a packet datanetwork, operating as a personal PGW 122, a business POW 123, and thePDN 124 as shown in FIG. 1. Although special purpose devices may beused, such devices also may be implemented using one or more hardwareplatforms intended to represent a general class of data processingdevice commonly used to run “server” programming so as to implement themultiple APN connections function on the web browser discussed above,albeit with an appropriate network connection for data communication.

As known in the data processing and communications arts, ageneral-purpose computer typically comprises a central processor orother processing device, an internal communication bus, various types ofmemory or storage media (RAM, ROM, EEPROM, cache memory, disk drivesetc.) for code and data storage, and one or more network interface cardsor ports for communication purposes. The software functionalitiesinvolve programming, including executable code as well as associatedstored data, e.g. files used for allowing multiple APN connectionssupport on the UE 102. The software code is executable by thegeneral-purpose computer that functions as the UE 102. In operation, thecode is stored within the general-purpose computer platform. At othertimes, however, the software may be stored at other locations and/ortransported for loading into the appropriate general-purpose computersystem. Execution of such code by a processor of the computer platformenables the platform to implement the methodology for enabling multipleAPN connections support on the UE 102, in essentially the mannerperformed in the implementations discussed and illustrated herein.

FIGS. 10 and 11 provide functional block diagram illustrations ofgeneral purpose computer hardware platforms. FIG. 10 illustrates anetwork or host computer platform, as may typically be used to implementa server. FIG. 11 depicts a computer with user interface elements, asmay be used to implement a personal computer or other type of workstation or terminal device, although the computer of FIG. 11 may alsoact as a server if appropriately programmed. It is believed that thegeneral structure and general operation of such equipment as shown inFIGS. 10 and 11 should be self-explanatory from the high-levelillustrations.

A server, for example, includes a data communication interface forpacket data communication. The server also includes a central processingunit (CPU), in the form of one or more processors, for executing programinstructions. The server platform typically includes an internalcommunication bus, program storage and data storage for various datafiles to be processed and/or communicated by the server, although theserver often receives programming and data via network communications.The hardware elements, operating systems and programming languages ofsuch servers are conventional in nature. Of course, the server functionsmay be implemented in a distributed fashion on a number of similarplatforms, to distribute the processing load.

A computer type user terminal device, such as a PC or tablet computer,similarly includes a data communication interface CPU, main memory andone or more mass storage devices for storing user data and the variousexecutable programs (see FIG. 11). A mobile device type user terminalmay include similar elements, but may typically use smaller componentsthat also require less power, to facilitate implementation in a portableform factor. The various types of user terminal devices may also includevarious user input and output elements. A computer, for example, mayinclude a keyboard and a cursor control/selection device such as amouse, trackball, joystick or touchpad; and a display for visualoutputs. A microphone and speaker enable audio input and output. Somesmartphones include similar but smaller input and output elements.Tablets and other types of smartphones utilize touch sensitive displayscreens, instead of separate keyboard and cursor control elements. Thehardware elements, operating systems and programming languages of suchuser terminal devices also are conventional in nature.

Hence, aspects of the methods of providing multiple APN connectionssupport outlined above may be embodied in programming. Program aspectsof the technology may be thought of as “products” or “articles ofmanufacture” typically in the form of executable code and/or associateddata that is carried on or embodied in a type of machine readablemedium. “Storage” type media include any or all of the tangible memoryof the computers processors or the like, or associated modules thereof,such as various semiconductor memories, tape drives, disk drives and thelike, which may provide non-transitory storage at any time for thesoftware programming. All or portions of the software may at times becommunicated through the Internet or various other telecommunicationnetworks. Such communications, for example, may enable loading of thesoftware from one computer or processor into another, for example, froma management server or host computer of the communication networkprovider into the computer platform of the UE 102. Thus, another type ofmedia that may bear the software elements includes optical, electricaland electromagnetic waves, such as used across physical interfacesbetween local devices, through wired and optical landline networks andover various air-links. The physical elements that carry such waves,such as wired or wireless links, optical links or the like, also may beconsidered as media bearing the software. As used herein, unlessrestricted to non-transitory, tangible “storage” media, terms such ascomputer or machine “readable medium” refer to any medium thatparticipates in providing instructions to a processor for execution.

Hence, a machine readable medium may take many forms, including but notlimited to, a tangible storage medium, a carrier wave medium or physicaltransmission medium. Non-volatile storage media include, for example,optical or magnetic disks, such as any of the storage devices in anycomputer(s) or the like, such as may be used to implement the multipleAPN connections support on the UE 102 shown in the drawings. Volatilestorage media include dynamic memory, such as main memory of such acomputer platform. Tangible transmission media include coaxial cables;copper wire and fiber optics, including the wires that comprise a buswithin a computer system. Carrier-wave transmission media can take theform of electric or electromagnetic signals, or acoustic or light wavessuch as those generated during radio frequency (RF) and infrared (IR)data communications. Common forms of computer-readable media thereforeinclude for example: a floppy disk, a flexible disk, hard disk, magnetictape, any other magnetic medium, a CD-ROM, DVD or DVD-ROM, any otheroptical medium, punch cards paper tape, any other physical storagemedium with patterns of holes, a RAM, a PROM and EPROM, a FLASH-EPROM,any other memory chip or cartridge, a carrier wave transporting data orinstructions, cables or links transporting such a carrier wave, or anyother medium from which a computer can read programming code and/ordata. Many of these forms of computer readable media may be involved incarrying one or more sequences of one or more instructions to aprocessor for execution.

While the foregoing has described what are considered to be the bestmode and/or other examples, it is understood that various modificationsmay be made therein and that the subject matter disclosed herein may beimplemented in various forms and examples, and that the teachings may beapplied in numerous applications, only some of which have been describedherein. For example, even though the instant application describespersona-based data billing, the teachings of the instant application canequally apply to persona-based non-data billing such as, for example, tobilling associated with telephone calls to and from the employee'smobile station. As a result, minutes usage associated with eachtelephone call may also be billed based on the persona associated withthe telephone call. In this connection and in one specificimplementation, the mobile station may have two MDNs associated withit—one for a business persona of the user of the mobile station and onefor a personal persona of the user of the mobile station. If the usermakes an outgoing call while in the personal persona space (e.g., anenvironment outside of the business data application 110 a), the MDNassociated with the personal persona may be used to make the call. Ifthe user makes an outgoing call while in the business persona space(e.g., an environment inside of the business data application 110 a),the MDN associated with the business persona may be used to make thecall. In this manner, the network 100 can distinguish between thebusiness persona and the personal persona outgoing calls and can chargethe appropriate entity (e.g., the employee or the enterprise) for theoutgoing calls generated traffic. For incoming calls to the mobilestation of the user, the network 100 may distinguish between the typesof traffic based on the MDN associated with the incoming call. If theMDN is associated with the business persona of the user, the incomingcall may be received within the business space; otherwise, the incomingcall may be answered within the personal space on the mobile station. Ifthe user is in the personal space of his/her mobile station and receivesthe incoming call associated with the user's business persona, the usermay receive a notification in a form of a text message for example toanswer the call in the business persona space. To this end, the user mayactivate the business data application 110 a and answer the call. It isintended by the following claims to claim any and all applications,modifications and variations that fall within the true scope of thepresent teachings.

Unless otherwise stated, all measurements, values, ratings, positions,magnitudes, sizes, and other specifications that are set forth in thisspecification, including in the claims that follow, are approximate, notexact. They are intended to have a reasonable range that is consistentwith the functions to which they relate and with what is customary inthe art to which they pertain.

The scope of protection is limited solely by the claims that now follow.That scope is intended and should be interpreted to be as broad as isconsistent with the ordinary meaning of the language that is used in theclaims when interpreted in light of this specification and theprosecution history that follows and to encompass all structural andfunctional equivalents. Notwithstanding, none of the claims are intendedto embrace subject matter that fails to satisfy the requirement ofSections 101, 102, or 103 of the Patent Act, nor should they beinterpreted in such a way. Any unintended embracement of such subjectmatter is hereby disclaimed.

Except as stated immediately above, nothing that has been stated orillustrated is intended or should be interpreted to cause a dedicationof any component, step, feature, object, benefit, advantage, orequivalent to the public, regardless of whether it is or is not recitedin the claims.

It will be understood that the terms and expressions used herein havethe ordinary meaning as is accorded to such terms and expressions withrespect to their corresponding respective areas of inquiry and studyexcept where specific meanings have otherwise been set forth herein.Relational terms such as first and second and the like may be usedsolely to distinguish one entity or action from another withoutnecessarily requiring or implying any actual such relationship or orderbetween such entities or actions. The terms “comprises,” “comprising,”or any other variation thereof, are intended to cover a non-exclusiveinclusion, such that a process, method, article, or apparatus thatcomprises a list of elements does not include only those elements butmay include other elements not expressly listed or inherent to suchprocess, method, article, or apparatus. An element proceeded by “a” or“an” does not, without further constraints, preclude the existence ofadditional identical elements in the process, method, article, orapparatus that comprises the element.

The Abstract of the Disclosure is provided to allow the reader toquickly ascertain the nature of the technical disclosure. It issubmitted with the understanding that it will not be used to interpretor limit the scope or meaning of the claims. In addition, in theforegoing Detailed Description, it can be seen that various features aregrouped together in various embodiments for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting an intention that the claimed embodiments require morefeatures than are expressly recited in each claim. Rather, as thefollowing claims reflect, inventive subject matter lies in less than allfeatures of a single disclosed embodiment. Thus the following claims arehereby incorporated into the Detailed Description, with each claimstanding on its own as a separately claimed subject matter.

What is claimed is:
 1. A method comprising: receiving, from a firstclient application on a mobile device, a request to exchange first dataover a mobile communication network; upon receiving the request toexchange first data from the first client application, determiningwhether the first client application is associated with a first personaor a second persona of a user of the mobile device; upon determining thefirst client application is associated with the first persona,establishing a first data connection based on a first Access Point Name(APN) network identifier between the device and the mobile communicationnetwork and routing the first data over the first data connection;receiving, from a second client application on the mobile device, arequest to exchange second data over a mobile communication network;upon receiving the request to exchange second data from the secondclient application, determining whether the second client application isassociated with the first persona or the second persona of the user ofthe mobile device; and upon determining the second client application isassociated with the second persona, establishing a second dataconnection based on a second APN network identifier between the deviceand the mobile communication network and routing the second data overthe second data connection; wherein the second persona corresponds to abusiness persona of the user; and wherein one or more elements withinthe mobile communication network are configured to override the firstpersona by routing the first data over the second data connection, whenit is determined that the first data cannot be routed over the firstdata connection because of insufficient funds in an account associatedwith the first persona.
 2. The method of claim 1, wherein the firstpersona corresponds to a personal persona of the user, the businesspersona is associated with work-related applications of the user and thepersonal persona is associated with applications other than work-relatedapplications.
 3. The method of claim 2, wherein: determining whether thefirst client application is associated with the personal persona or thebusiness persona includes determining whether the first clientapplication is housed within the second client application configured tohouse work-related applications of the user and establish an 800 PDNconnection with the mobile communication network, and determining thefirst client application is associated with the personal persona if thefirst client application is housed outside of the business dataapplication on the mobile device.
 4. The method of claim 2, wherein:determining whether the second client application is associated with thepersonal persona or the business persona includes determining whetherthe second client application is housed a business data applicationconfigured to establish an 800 PDN connection with the mobilecommunication network, and determining the second client application isassociated with the business persona if the second client application ishoused within the business data application on the mobile device.
 5. Themethod of claim 1, wherein: the first APN includes an Internet APN andthe first data connection includes a connection to an Internet PDN, andthe second APN includes an 800 APN and the second data connectionincludes a connection to an 800 PDN.
 6. The method of claim 1, whereinthe second client application is configured to house work-relatedapplications and establish an 800 PDN connection with the network. 7.The method of claim 6, wherein each application housed within the secondclient application is configured to access an IP address authorized touse the 800 PDN connection.
 8. The method of claim 6, furthercomprising: requesting the user of the mobile device to provideauthentication information for accessing the second client application;receiving the authentication information; and upon determining thereceived authentication information corresponds to authenticationinformation associated with the second client application, enabling theuser of the mobile device to access the second client application.
 9. Amobile device comprising: a processor; and a memory storing executableinstructions for causing the processor to: receive, from a first clientapplication on the mobile device, a request to exchange first data overa mobile communication network; upon receiving the request to exchangefirst data from the first client application, determine whether thefirst client application is associated with a first persona or a secondpersona of a user of the mobile device; upon determining the firstclient application is associated with the first persona, establish afirst data connection based on a first APN network identifier betweenthe device and the mobile communication network and route the first dataover the first data connection; receive, from a second clientapplication on the mobile device, a request to exchange second data overa mobile communication network; upon receiving the request to exchangesecond data from the second client application, determine whether thesecond client application is associated with the first persona or thesecond persona of the user of the mobile device; and upon determiningthe second client application is associated with the second persona,establish a second data connection based on a second APN networkidentifier between the device and the mobile communication network androute the second data over the second data connection; wherein thesecond persona corresponds to a business persona of the user; andwherein one or more elements within the mobile communication network areconfigured to override the first persona by routing the first data overthe second data connection, when it is determined that the first datacannot be routed over the first data connection because of insufficientfunds in an account associated with the first persona.
 10. The mobiledevice of claim 9, wherein the first persona corresponds to a personalpersona of the user, the business persona is associated withwork-related applications of the user and the personal persona isassociated with applications other than work-related applications. 11.The mobile device of claim 10, wherein: to determine whether the firstclient application is associated with the personal persona or thebusiness persona the memory stores executable instructions for causingthe processor to determine whether the first client application ishoused within the second client application configured to housework-related applications of the user and establish an 800 PDNconnection with the mobile communication network, and the memory storesexecutable instructions for causing the processor to determine the firstclient application is associated with the personal persona if the firstclient application is housed outside of the business data application onthe mobile device.
 12. The mobile device of claim 10, wherein: todetermine whether the second client application is associated with thepersonal persona or the business persona the memory stores executableinstructions for causing the processor to determine whether the secondclient application is housed within a business data applicationconfigured to house work-related applications of the user and establishan 800 PDN connection with the mobile communication network, and thememory stores executable instructions for causing the processor todetermine the second client application is associated with the businesspersona if the second client application is housed within the businessdata application on the mobile device.
 13. The mobile device of claim 9,wherein: the first APN includes an Internet APN and the first dataconnection includes a connection to an Internet PDN, and the second APNincludes an 800 APN and the second data connection includes a connectionto an 800 PDN.
 14. The mobile device of claim 9, wherein the memorystores executable instructions for causing the processor to: request theuser of the mobile device to provide authentication information foraccessing the second client application; receive the authenticationinformation; and upon determining the received authenticationinformation correspond to authentication information associated with thesecond client application, enable the user of the mobile device toaccess the second client application.
 15. At least one non-transitorycomputer readable medium on which are stored instructions comprisinginstructions that when executed cause a programmable device to: receive,from a first client application on a mobile device, a request toexchange first data over a mobile communication network; upon receivingthe request to exchange first data from the first client application,determine whether the first client application is associated with afirst persona or a second persona of a user of the mobile device; upondetermining the first client application is associated with the firstpersona, establish a first data connection based on a first Access PointName (APN) network identifier between the device and the mobilecommunication network and route the first data over the first dataconnection; receive, from a second client application on the mobiledevice, a request to exchange second data over a mobile communicationnetwork; upon receiving the request to exchange second data from thesecond client application, determine whether the second clientapplication is associated with the first persona or the second personaof the user of the mobile device; and upon determining the second clientapplication is associated with the second persona, establish a seconddata connection based on a second APN network identifier between thedevice and the mobile communication network and route the second dataover the second data connection; wherein the second persona correspondsto a business persona of the user; and wherein one or more elementswithin the mobile communication network are configured to override thefirst persona by routing the first data over the second data connection,when it is determined that the first data cannot be routed over thefirst data connection because of insufficient funds in an accountassociated with the first persona.
 16. The computer readable medium ofclaim 15, wherein the first persona corresponds to a personal persona ofthe user, the business persona is associated with work-relatedapplications of the user and the personal persona is associated withapplications other than work-related applications.
 17. The computerreadable medium of claim 15, wherein: the first APN includes an InternetAPN and the first data connection includes a connection to an InternetPDN, and the second APN includes an 800 APN and the second dataconnection includes a connection to an 800 PDN.
 18. The computerreadable medium of claim 15, wherein the second client application isconfigured to house work-related applications and establish an 800 PDNconnection with the network.
 19. The computer readable medium of claim15, wherein the instructions when executed further cause theprogrammable device to: request the user of the mobile device to provideauthentication information for accessing the second client application;receive the authentication information; and upon determining thereceived authentication information corresponds to authenticationinformation associated with the second client application, enable theuser of the mobile device to access the second client application.